Cmdagent.exe excessive CPU usage when run in conjunction with MSE [Resolved]

cmdagent.exe excessive CPU usage – AGAIN!

The bug/issue

  1. What you did: Accepted CIS’s offer of an update. Rebooted after update.
  2. What actually happened or you actually saw: High CPU usage.
  3. What you expected to happen or see: Much lower/normal CPU usage.
  4. How you tried to fix it & what happened: Terminated and restarted cmdagent.exe. See details below.
  5. Details (exact version) of any software involved with download link: Current Microsoft Security Essentials (can’t determine version)

Files appended

  1. Screenshots illustrating the bug: Not applicable
  2. Screenshots of related event logs or the active processes list: Not applicable
  3. A CIS config. report or file: Not applicable
  4. Crash or freeze dump file: Not applicable

Your set-up

  1. CIS version, AV database version & configuration used: 5.0.163652.1142, Internet config
  2. Whether you imported a configuration, if so from what version: No
  3. Defense+ and Sandbox OR Firewall security level: Defenseplus=Clean PC, Sandbox=enabled
  4. OS version, service pack, bits, UAC setting, & account type: Windows XP, SP3, 32 bit, N/A, Admin account.
  5. Other security and utility software running: MSSE
  6. Virtual machine used: Not applicable

I haven’t seen this problem for quite awhile, but since the update CIS asked to do the other day, IT’S BACK. First, I’m currently running CIS 5.0.163652.1142 on Windows XP Pro SP3 with all subsequent MS updates. I have the CIS antivirus disabled, but everything else is enabled. The firewall is in Safe Mode, Defense+ is in Clean PC Mode, and the Sandbox is enabled. I’m also running Microsoft Security Essentials for virus and spyware protection.

Even though CIS’s antivirus is disabled, it seems there is either some interaction with MSSE, or the problem with cmdagent.exe consuming an excess amount of CPU cycles has returned. I’m seeing cmdagent.exe using 25% of the CPU cycles (Intel Q9400) most of the time. It’s almost always within the range of 20 - 25% except for when it periodically trades places with MsMpEng.exe (MS Security Essentials). By trading places, I mean that cmdagent’s usage drops to zero and MsMpEng simultaneously jumps from zero to 25%. After a little while, they trade back again (MSSE at zero and cmdagent at 20 - 25%). I haven’t pinned down the exact timing, but I’d say the ratio between the two is around 3 to 1, with cmdagent using 25% for around 12 seconds and MSSE using 25% for around 4 seconds in a repeating pattern. Note that cmdagent’s usage drops through the range of 25 to 20% before dropping to zero as they’re about to trade places, but MSSE seems to toggle directly between 0 and 25%.

I’ve found that, if I temporarily disable Defense+, I can terminate cmdagent.exe. When I do this and cmdagent.exe is not running, MSSE rarely uses a significant amount of CPU resources. If I then use the CIS Diagnostics option, it detects a problem, and if I tell it to fix the problem, I can restart cmdagent and re-enable Defense+ (Clean PC Mode). For a while after doing this, the total CPU usage for my entire system is in the neighborhood of 10%, including all my apps, tray apps, etc. and both MSSE and CIS. During this period, both cmdagent and MsMpEng use between 0 and 1% each. At some point, and I don’t know what triggers it or if there’s a repeatable time period, the whole thing starts up again. This last time, it took about 20 minutes for the 25% thing to start up again. As near as I can tell, all components of CIS are functioning properly in terms of their security functions (with the exception of the antivirus, which is disabled), and the same is true for MSSE.

There’s obviously something wrong that’s causing this, and it seems most likely that the problem is somewhere in CIS, most likely in cmdagent.exe. The fact that everything seems to work properly for a considerable length of time after temporarily killing cmdagent.exe is strong evidence that it is either the source of the problem or closely connected to the source. It seems the latest update reintroduced a bug.

There is an issue report for Avast here.

Could you try the logging exclusions and installer/updater trick described to see if it has any effect?

Then report back

Many thanks


Mouse -

I found a way to prevent the problem. I added the MSSE executable (MsMpEng.exe) to the Defense+ exclusions. This immediately eliminated all of the issues I described in my bug report.

Thanks. Was it buffer overflow exclusions on the execution control tab you used?

Best wishes


Yes it was.